Smartphone Theft: What Is Best Defense?

While mobile network operators are creating a global database to track stolen smartphones, some police say that's not enough. New York's Attorney General wants more from smartphone makers.

10 Top Password Managers

(click image for slideshow)

The latest smartphones might feature screens with unparalleled colors and clarity, cutting-edge cameras, and the ability to run a bewildering array of apps. But why don't they build in better loss prevention?

That's the gist of a plea issued this week by New York attorney general Eric T. Schneiderman, who's written to the CEOs of Apple, Google, Microsoft and Samsung, urging them to "help crack down on cell phone theft" by making it more difficult for thieves to wipe stolen devices' memory and resell the devices.

"This is a multi-billion dollar industry that produces some of the most popular and technologically advanced consumer electronic products in the world," said Schneiderman in a statement. "Surely we can work together to find solutions that lead to a reduction in violent street crime targeting consumers."

Apple, Google, Microsoft and Samsung -- plus Motorola, which is owned by Google -- control 90% of the U.S. smartphone market. All four except Google build some type of recovery capabilities into their devices. For Android, there are add-ons available in the Google Play online store.

But Schneiderman is not satisfied. He said his office is investigating whether the manufacturers -- such as Apple, which advertises its products' "safety and security by design" -- have engaged in deceptive trade practices by not combating the theft problem more forcefully. "I seek to understand why companies that can develop sophisticated handheld electronics and operating systems ... cannot also create technology to render stolen devices inoperable and thereby eliminate the expanding black market on which they are sold," wrote Schneiderman in his letters to the manufacturers.

Wielding both carrot and stick, Schneiderman in his letter suggested that he'll be seeking details of how much each of the four smartphone manufacturers earns from consumers paying to replace products that have been stolen. "I would be especially concerned if device theft accrues to your company's financial benefit through increased sales of replacement devices," he said.

Violent smartphone and tablet robberies are on the rise. According to the Attorney General's office, comparing all of 2011 to the first nine months of 2012, smartphone thefts in New York City increased by 40%. Such robberies have been dubbed "Apple picking," given thieves' apparent penchant for iOS products. But according to a 2011 New York Police Department study, only 30% of devices stolen from subways and buses were manufactured by Apple.

New York City ranked ninth in a list of the top 10 cities that reported the greatest numbers of 2011 phone thefts, which was compiled by security vendor Lookout Mobile Security. The study found that phone theft was most prevalent in Philadelphia, followed by Seattle and Oakland. The most likely place for a New Yorker to lose his phone was in a fast-food restaurant. By Lookout's estimates, based on its finding that the average consumer loses or misplaces one device per year, stolen cell phones could cost U.S. consumers $30 billion in replacement costs.

Schneiderman's office said that Lookout will be advising the New York state government -- pro bono -- on approaches to combating device theft.

I really hope that this investigation leads to the major smartphone and tablet companies to invent greater theft defenses on their devices. The amount of phone and tablet theft is alarming and until now there has not been any way to stop them. When a thief takes your phone or tablet it is easy for them to just shut it off so you cant track it and then wipe the memory clean. I know there will always be some hacker out there that will figure out a way to crack a code, but that is why these companies should be constantly updating their security protocols.

I think the solution here, with the ubiquity of cloud computing (storage, in this instance) and higher bandwidth capable networks and handhelds, would be to put all of the user's data in the cloud - preferably at the service provider. In that instance, if you have a device stolen, your personal information isn't on it - kind of going back to the terminal/mainframe paradigm. The loss of personal information and the threat of identity theft can seriously outweigh the cost of replacing the device.

Additionally, just how much does it cost to produce these devices? Maybe someone should look at it from that perspective - do I honestly think it costs Google, Apple or anyone else $650 (or more) to produce a handheld? Let's take a look at incidences instead of overall replacement costs.

And finally, if you want to stop these sorts of things, let's take a look at where someone would sell a stolen phone. There's a major on-line auction site out there (you're probably familiar) that has a bunch of interesting results if you search for "bad ESN". Now, I'm no expert in how carriers operate, but I believe the chief way of turning a good ESN into a bad ESN would be to report it stolen or lost. Now, granted, there are occasions where someone could have a phone with a bad ESN - lose your new device in the couch with the battery near dead and not be able to find it then report it as lost, but how many of those devices are stolen?

@Certifiable - the service provider has the IMEI number already, I believe it's used in the provisioning process in order to make sure that your device is allowed to access the service. All you'd need to do is call to report it lost/stolen and they have that information already.

@Doug - Not sure if this is really an option in your case, but you could get a used Android device that's WiFi enabled and with the right combination of applications, use it to make/receive phone calls when it's on the WiFi. You'd need to carry a hotspot of some sort, but there are deals out there where they're free and then $50/month plus you'd have the capability of hanging other devices (like a laptop or a tablet) off of the same hotspot. I currently have an older Droid that I use as a remote control for our TV service (Verizon FiOS) and can use it as a handset for my Google Voice number as well.

It is my understanding that if you report your stolen mobile phone's IMEI number to your phone service provider, then they could disable your phone, regardless of what SIM is inserted for use by any potential thief or subsequent buyer. You can get the IMEI number by dialing *#06# (asterisk-pound sign-zero-six-pound sign) BEFORE your phone is stolen, then store the IMEI number in a safe place, just like your credit card numbers.Anyone care to comment on this so called solution?

Best defense is to own a cheap or older model that nobody would want to steal. I'm stunned by how much money people spend on phones and data plans. My wife uses a 5-year old phone that was $9.95 and spends $7 per month on service with VirginMobileUSA. No, she can't surf the Web or check e-mail, but all she wants is a phone. I do want a smart phone, but I'll be damned if I'm going to spend $200 and then add $50 or more in monthly service fees.

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.